将现有私钥导入BKS Keystore [英] Import existing private key into BKS Keystore
问题描述
我有一个由openssl通过以下方式生成的密钥对
I have a key pair generated by openssl in the following way
openssl genrsa -out private_key.pem 2048
openssl genrsa -out private_key.pem 2048
我将其转换为DER格式,如下所示:
The I convert it to DER format as follow
openssl pkcs8 -topk8-通知PEM-更新DER -in private_key.pem \ -out private_key.der -nocrypt
openssl pkcs8 -topk8 -inform PEM -outform DER -in private_key.pem \ -out private_key.der -nocrypt
现在我想在android中导入它,但是我不想导入它,因为我想在密钥库中保护它.
And now I want to import it in android but I don't want import it as it I want to protect it within a keystore.
所以我的问题是如何使用keytool将现有密钥导入BKS密钥库?
So my question is how can I import a existing key into BKS keystore using keytool?
谢谢
推荐答案
在密钥库中,Private Key
始终伴随着Certificate Chain
(包括相应的证书).您不能仅将其本身添加到KeyStore中.
A Private Key
is always accompanied by a Certificate Chain
(that includes the corresponding Certificate) in a KeyStore. You cannot just add it to the KeyStore just by itself.
一旦生成了Private Key
,就可以生成一个自签名证书,然后可以使用此证书将私钥和证书一起添加到密钥库中.
Once you have generated the Private Key
, you can generate a self-signed Certificate, you can then use this certificate to add your private key along with the certificate to the KeyStore.
生成自签名证书
openssl请求-new -x509 -key [PRIVATE_KEY_FILE] -out [SELF_SIGNED_CERTIFICATE_FILE] 天3650 -subj/[YOUR_SUBJECT_DN]
openssl req -new -x509 -key [PRIVATE_KEY_FILE] -out [SELF_SIGNED_CERTIFICATE_FILE] -days 3650 -subj /[YOUR_SUBJECT_DN]
创建包含私钥和证书的PKCS#12文件
openssl pkcs12 -export -inkey [PRIVATE_KEY_FILE] -in [CERTIFICATE_FILE] -out [PKCS12_FILE.p12] -name mykey
openssl pkcs12 -export -inkey [PRIVATE_KEY_FILE] -in [CERTIFICATE_FILE] -out [PKCS12_FILE.p12] -name mykey
最后,将PKCS12 KeyStore转换为所需的BKS
存储类型
Finally, converting the PKCS12 KeyStore to your desired BKS
store type
keytool -importkeystore -srckeystore [ABOVE_P12_FILE] -srcstorepass [ABOVE_P12_PASSWORD] -srcstoretype pkcs12 -destkeystore [NEW_P12_FILE.p12] -deststorepass [NEW_P12_PASSWORD] -deststoretype bks -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath [ABSOLUTE_PATH_TO__bcprov-jdk15on-152.jar]
keytool -importkeystore -srckeystore [ABOVE_P12_FILE] -srcstorepass [ABOVE_P12_PASSWORD] -srcstoretype pkcs12 -destkeystore [NEW_P12_FILE.p12] -deststorepass [NEW_P12_PASSWORD] -deststoretype bks -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath [ABSOLUTE_PATH_TO__bcprov-jdk15on-152.jar]
如果需要Java默认存储类型JKS
,则可以从最后一个命令中删除-providerclass
和-providerpath
自变量.
If you need the Java default store type JKS
, you can remove the -providerclass
and -providerpath
arguments from the last command.
这篇关于将现有私钥导入BKS Keystore的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!